What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in themelocation Custom WooCommerce Checkout Fields Editor add-fields-to-checkout-page-woocommerce allows Cross Site Request Forgery. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through <= 1.3.4.
Explanation of Vulnerability in Simple Terms
02 Summary
Custom WooCommerce Checkout Fields Editor versions 1.3.4 and earlier are vulnerable to cross-site request forgery (CSRF). An attacker can trick a site administrator into performing unintended actions on the checkout form, such as modifying field settings or configurations. The vulnerability requires the admin to visit a malicious page while logged in. No sensitive data is exposed, but the integrity of checkout field settings can be compromised.
What an attacker can do
03 Attacker Capabilities
Trick an admin into modifying checkout field settings without their knowledge.
Potential impact on your site
04 Site Impact
Checkout form fields could be altered, potentially disrupting customer transactions or collecting unwanted data.
Conditions required to exploit
05 Prerequisites
Admin must be logged in and visit an attacker-controlled page or link.
Key dates
06 Disclosure timeline
September 5, 2025: CVE published
May 12, 2026: Record updated